mikhailf
Iron Contributor
Dec 01, 2024

Anti-malware policy doesn't block files

Hello Microsoft Community,

We have recently found that Anti-malware policy doesn't block files that are set to be blocked by the policy.

For example, when we send an *.ics file with a cmd/exe/jse/rdp and other files inside of the ics, the email is not blocked and is delivered to users.

We did several tests with an external security vendor by sending real malware, ransomware and exploits attached to the ics and all of them passed the filtering system.

Is anyone aware of the issue? Doesn't MDO scan nested files?!

This has happened with a few tenants. Those tenants have Microsoft E5 licenses.

1 Reply

  • Hi mikhailf 

    So I guess you have blocked it via the MalwareFilterPolicy:
    Get-MalwareFilterPolicy -Identity Default | select -ExpandProperty FileTypes

    Did you try the "BlockExecutableAttachment" Transport Rule?


    Kind Regards
    Andres
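
To check independently of the mail filter what a given .ics actually carries, the following added example (not part of the thread and not Microsoft's code) lists files embedded in a calendar and flags the types named in the question. It assumes the files are embedded as RFC 5545 `ATTACH` properties with `ENCODING=BASE64`, and that the file name travels in the non-standard `X-FILENAME` or `FILENAME` parameter; the sample invite is constructed.

```python
import base64
import re

BLOCKED_EXT = {"cmd", "exe", "jse", "rdp"}  # file types named in the post
NAME_PARAMS = ("X-FILENAME", "FILENAME")    # assumed non-standard name parameters

def unfold(ics_text):
    """RFC 5545 unfolding: a line break plus space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def inline_attachments(ics_text):
    """Return (filename, data) for each ATTACH that embeds base64 binary."""
    found = []
    for line in unfold(ics_text):
        # Split name+parameters from the value at the first unquoted colon.
        m = re.match(r'((?:[^":]|"[^"]*")*):(.*)$', line)
        if not m or m.group(1).split(";", 1)[0].upper() != "ATTACH":
            continue
        head, value = m.groups()
        params = {k.upper(): v.strip('"')
                  for k, v in re.findall(r';([^=;]+)=("[^"]*"|[^;]*)', head)}
        if params.get("ENCODING", "").upper() != "BASE64":
            continue  # URI-style ATTACH: nothing is embedded in the calendar
        try:
            data = base64.b64decode(value, validate=True)
        except ValueError:
            continue  # malformed base64, not decodable content
        name = next((params[p] for p in NAME_PARAMS if p in params), "")
        found.append((name, data))
    return found

def flag_blocked(ics_text):
    """List (filename, reason) for embedded files a type filter should stop."""
    hits = []
    for name, data in inline_attachments(ics_text):
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED_EXT:
            hits.append((name, "extension ." + ext))
        elif data[:2] == b"MZ":
            hits.append((name, "PE header (MZ) under another name"))
    return hits

# Constructed sample invite; payloads are the harmless bytes "echo hi" and "MZ".
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR", "BEGIN:VEVENT", "SUMMARY:Constructed test invite",
    "ATTACH;ENCODING=BASE64;VALUE=BINARY;X-FILENAME=setup.cmd:ZWNobyBoaQ==",
    'ATTACH;ENCODING=BASE64;VALUE=BINARY;X-FILENAME="notes.txt":TV',
    " o=",  # folded continuation of the line above
    "ATTACH:https://example.com/agenda.pdf",
    "END:VEVENT", "END:VCALENDAR"])
```

Calling `flag_blocked()` on the text of a delivered .ics shows which embedded items a file-type filter would have been expected to match, which helps separate a policy misconfiguration from a scanning gap.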

     
